The present invention relates to user authentication using images, and more particularly relates to using temporal knowledge of dynamic images.
The use of static visual images as a prompt in a user authentication process is generally known. Typically, the use of such visual images provides a relatively intuitive way for a user to prove knowledge by interacting with the static image, or by selecting one or more images from a predefined set. The use of a static image limits the amount of knowledge a user can impart to the authentication scheme. For example, a user may select three points on an image to indicate knowledge of the position of those three points relative to the image.
“Déjà Vu: A User Study Using Images for Authentication”; Proceedings of the 9th conference on USENIX Security Symposium—Volume 9 (SSYM'00), Vol. 9. USENIX Association, Berkeley, Calif., USA, 4-4 discloses recognition-based, rather than recall-based, authentication which authenticates a user through the ability to recognize previously seen images.
PHP MySQL Tutorial, available at http://www.php-mysql-tutorial.com/wikis/php-tutorial/user-authentication-with-image-verification.aspx, discloses the creation of a login form which displays an image showing random numbers.
“Advantages of User Authentication Using Unclear Images—Automatic Generation of Decoy Images”; Takumi Yamamoto, Atsushi Harada, Takeo Isarida, and Masakatsu Nishigaki; Proceedings of the 2009 International Conference on Advanced Information Networking and Applications (AINA '09). IEEE Computer Society, Washington, D.C., USA discloses a user authentication system using “unclear images” as pass-images, in which only legitimate users can understand the meaning by viewing the original images corresponding to these unclear pass-images, which are meaningless to unauthorized users. This makes it difficult for attackers to memorize them, even though they may have observed authentication trials by legitimate users. Also disclosed is the automatic generation of decoy images, which are displayed along with the pass-images in the authentication window.
U.S. Pat. No. 8,347,103 B2 discloses authentication using a graphical password comprising static images displayed on a display screen. Each static image includes one or more associated attributes. The user sequentially selects static images, and a password is generated based on the combination of attributes of the selected images. The generated password is compared with a previously stored password to authenticate the user.
United States Published Patent Application 2009/0313693 A1 discloses the use of touches and movements on a touch sensitive surface to determine a graphical passcode. A user's selected graphical passcode is stored in memory for comparison to subsequent entries of the graphical passcode in order to authenticate the user.
Moving CAPTCH images, such as from NuCaptcha (http://www.nucaptcha.com/), are available in which a user views a moving image of, e.g., alphanumeric characters, and then inputs the alphanumeric characters themselves in order to identify that the user is a human and not a machine. The use of such images has drawbacks, since such images are static (i.e., unchanging) and are subject to either being computationally solvable (via Optical Character Recognition) or extremely difficult for humans to decipher. Hence, the intended user is discouraged from using the service associated with the authentication.